| Commit message (Collapse) | Author | Age |
|---|
| ... | |
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Considering the most recent runs, this reduces the total amount of time
it takes to run the tests from about 9-10 minutes to about 3 minutes.
Note: Which jobs are split is mostly determined by how long each test
takes.
For example, this is the time each test step took in a run of
`build_and_test` (10m17s total for the job) on commit bfcf8bc31 ("Merge
pull request #5956 from kmk3/build-fix-dep-syntax", 2023-08-14)[1]:
* 17s test-seccomp-extra
* 1s test-firecfg
* 16s test-capabilities
* 6s test-apparmor
* 10s test-appimage
* 10s test-chroot
* 41s test-sysutils
* 24s test-private-etc
* 40s test-profiles
* 4s test-fcopy
* 2s test-fnetfilter
* 98s test-fs
* 103s test-utils
* 57s test-environment
* 69s test-network
[1]: https://github.com/netblue30/firejail/actions/runs/5860927500/job/15890009169
|
| | | |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Move scan-build, cppcheck and CodeQL (cpp).
This is similar to build-extra.yml, but for jobs that check for issues
in the code rather than checking for build failures.
Note: As this deletes codeql-analysis.yml, its configuration also has to
be deleted in the GitHub web UI to prevent it from warning about the
file being missing:
* Security -> Code scanning -> Tool status -> (Setup Types) CodeQL ->
(Configurations) language:python -> Delete configuration
Misc: The above was clarified by @topimiettinen[1].
[1] https://github.com/netblue30/firejail/pull/5960#issuecomment-1685262643
|
| | |
| |
| |
| |
| |
| |
| | |
Do so when the output of the given job is not important.
For example, when the output of another job can be used for debugging
build-related issues.
|
| | |
| |
| |
| |
| | |
Testing takes significantly longer than building, so this makes the
default build check faster.
|
| | |
| |
| |
| | |
All of the current workflows are used for CI.
|
| | |
| |
| |
| | |
Only run the CodeQL Python analysis if a .py file is changed.
|
| | |
| |
| |
| |
| | |
Note: When generating a new workflow, the permissions do not have
comments anymore.
|
| | | |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
That is, replace `paths-ignore` with `paths`.
This should reduce the number of unnecessary workflow executions and the
frequency at which paths are changed. It also reduces the overall
number of paths used.
Also, add the missing ci/printenv.sh to the path whitelists.
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
And limit the output of `diff` in the test to avoid logging thousands of
lines of a hexdump.
Likely broken by commit 3077b2d1f ("update disable-devel.inc",
2023-08-22)[1].
[1] https://github.com/netblue30/firejail/actions/runs/5945120115/job/16123622451
|
| | | |
|
| | | |
|
| |\ \ |
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
This partially reverts commit d94f54736 ("disable all ssh utilities in
disable-common.inc", 2023-08-20).
Certain files in ~/.ssh are only used by sshd (not by ssh), so always
blacklist them.
Also, ssh itself does not need write access to the configuration files,
so make them read-only by default.
For details, see commit 2ec3f3a96 ("disable-common.inc: add missing
openssh paths", 2021-01-09) / PR #3885.
Cc: @netblue30
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | | |
This is breaking test-fs in CI since at least commit f37cd57cd ("disable
all /bin/dpkg* programs in disable-common.inc", 2023-08-20)[1].
[1] https://github.com/netblue30/firejail/actions/runs/5918495917/job/16062400120
|
| |/ / |
|
| | | |
|
| | | |
|
| | | |
|
| | | |
|
| |/ |
|
| |\
| |
| | |
build: add missing makefile dep & syntax improvements
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Escape `.` only when generating the syntax files rather than directly in
the syntax lists, so that the latter contain the command names as is.
This also makes the escaping apply to the arg1 syntax list as well.
Note: Double escaping (`\\\\.`) is used in `regex_fromlf` because its
output is used in another sed replacement (where it needs to be `\\.`).
Relates to #5627.
|
| | |
| |
| |
| | |
Relates to #5627.
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Make the non-phony targets that are defined in the root Makefile depend
on it, to ensure that they get re-generated if their recipes change.
Note that these targets are generated nearly instantly, so this should
not noticeably affect rebuild times.
Relates to #5627.
|
| |\ \
| | |
| | | |
build: codespell improvements
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Ignore only third-party/vendored files (such as license files and files
in m4/).
And ignore more words to fix the following errors:
$ make codespell
Running codespell...
./README:484: als ==> also
./README:646: Shotcut ==> Shortcut
./RELNOTES:516: als ==> also
./etc/inc/disable-common.inc:506: chage ==> change, charge
./etc/apparmor/firejail-default:35: readby ==> read, read by
./etc/apparmor/firejail-default:36: readby ==> read, read by
./etc/profile-a-l/als.profile:1: als ==> also
./etc/profile-a-l/als.profile:5: als ==> also
make: *** [Makefile:374: codespell] Error 65
$ codespell --version
2.2.5
|
| | | |
| | |
| | |
| | |
| | | |
Since it runs through make, the target may depend on variables that are
defined by ./configure (such as the ones in config.mk).
|
| | | |
| | |
| | |
| | |
| | | |
Split the spellchecking job from the build-related jobs to make
debugging easier.
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
It works just fine without it (at least for the files in src/).
Note that by default codespell does not warn about binary files ("The
default mask is 34"):
$ make -j "$(nproc)" >/dev/null
$ make codespell
codespell --ignore-regex "UE|creat|doas|ether|isplay|shotcut" src test
$ codespell --version
2.2.5
$ codespell --help
[...]
-q QUIET_LEVEL, --quiet-level QUIET_LEVEL
bitmask that allows suppressing messages:
- 0: print all messages.
- 1: disable warnings about wrong encoding.
- 2: disable warnings about binary files.
- 4: omit warnings about automatic fixes that were
disabled in the dictionary.
- 8: don't print anything for non-automatic fixes.
- 16: don't print the list of fixed files.
- 32: don't print configuration files.
As usual with bitmasks, these levels can be combined;
e.g. use 3 for levels 1+2, 7 for 1+2+4, 23 for
1+2+4+16, etc. The default mask is 34.
Also, note that adding many ignore patterns (such as all of the ones in
.gitignore) makes it slower than letting codespell find and skip binary
files by itself. So just add the most common ones, which do not
noticeably change how fast codespell runs either but they do reduce the
noise when running with `-q 0`.
Homepage: https://github.com/codespell-project/codespell
Added on commit d78fc96ee ("codespell github action", 2023-03-05).
|
| | |/
| |
| |
| |
| |
| | |
Found by simply running `codespell .`.
Environment: codespell 2.2.5-2 on Artix Linux.
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.21.2 to 2.21.3.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/github/codeql-action/compare/0ba4244466797eb048eb91a6cd43d5c03ca8bd05...5b6282e01c62d02e720b81eb8a51204f527c3624)
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
|
| |/
|
|
|
| |
mpDris2 brings MPRIS2 support to MPD:
https://github.com/eonpatapon/mpDris2
|
| |
|
|
|
|
|
| |
Change the old .txt paths into the new .in paths.
This amends commit 76bd5ad0f ("build: simplify code related to man
pages", 2023-07-12) / PR #5898.
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
This fixes the following errors:
$ make clean
[...]
cd test/compile; ./compile.sh --clean; cd ../..
./compile.sh: line 55: TARNAME: command not found
./compile.sh: line 55: VERSION: command not found
This amends commit 200f389ed ("build: use config.sh in more scripts",
2023-07-28) / PR #5927.
|
| |\
| |
| | |
build(deps): Update step-security/harden-runner and update allowed endpoints
|
| | |
| |
| |
| | |
Signed-off-by: Varun Sharma <varunsh@stepsecurity.io>
|
| |/
|
|
| |
Signed-off-by: Varun Sharma <varunsh@stepsecurity.io>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This fixes the following errors:
$ make codespell
[...]
codespell --ignore-regex "UE|creat|doas|shotcut|ether" src test
src/firemon/procevent.c:188: duble ==> double
src/fnettrace/main.c:30: postive ==> positive
src/fnettrace/main.c:30: defiend ==> defined
src/fnettrace/main.c:482: isplay ==> display
make: *** [Makefile:371: codespell] Error 65
$ codespell --version
2.2.5
Added in the following commits:
* bef5d86a1 ("increase socket buffer size for firemon, bug #2700",
2019-09-29)
* c4962789f ("nettrace stats", 2023-08-08)
|
| | |
|
| |\ |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
Changes:
* comment `include whitelist-common.inc` when using `private`
* drop `private` on profiles that access files in `${HOME}`
* use `#` in comments
Relates to #903.
|
| | |
| |
| |
| |
| |
| |
| | |
This fixes 0ad not opening on OpenSUSE Tumbleweed due to a "Permission
denied" error when trying to open "libmozjs-78.so.0".
See this issue that describes it all:
https://github.com/netblue30/firejail/issues/5938#issue-1833607321
|
| | |
| |
| |
| |
| | |
* firecfg.config: add support for clac
* Create clac.profile
|
| | | |
|
| | |\
| | |
| | | |
build: firecfg.config sorting improvements
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Currently the CI check does not consider certain special characters
(such as `-`) when sorting due to `sort -d`.
So remove `-d`, sort firecfg using `LC_ALL=C` and enforce that order.
Also add `sort -u` to check for duplicates.
This also allows the CI check to ignore normal comments (lines starting
with `# `) anywhere in the file.
Relates to #4643.
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Remove the space after `#` for commented code and use `#` instead of `-`
for comments at the end of the line.
Commands used to search and replace:
$ f=src/firecfg/firecfg.config; printf '%s\n' "$(sed -E \
-e '3,9999s/^# /#/' \
-e '3,9999s/^#([^ ]+) --? /#\1 # /' \
"$f")" >"$f"
|
Kelvin M. Klann
netblue30
dependabot[bot]
glitsj16
pirate486743186
Varun Sharma
leukimi